DistroWatch Weekly

A weekly opinion column and a summary of events from the distribution world

DistroWatch Weekly

DistroWatch Weekly, Issue 581, 20 October 2014

Welcome to this year's 42nd issue of DistroWatch Weekly! The world of technology changes at a remarkable rate and, in this rapid stream of progress it can be difficult to know how to stay secure. This week we turn our attention to the Qubes OS project which has an interesting approach to keeping our computers secure and our information private. This week we continue our discussion on rolling-release distributions and their reliability. Find out below which distributions are running smoothly and which ones are experiencing problems. Another rolling-release, SparkyLinux, is also in the spotlight in a first impressions review this week. Read on to find out how the Debian-based project performs. In the News section this week we share graphics improvements coming to Fedora via new drivers and to Kubuntu through the KDE desktop. We also share the highlights of FreeBSD's quarterly status report and talk about Debian's massive archive of packages and how the project plans to store the growing mountain of data. Plus, we discuss Debian's debate over whether to allow users to choose their preferred init system. As usual, we bring you the distribution releases of the past week and look forward to fun, new releases to come. We wish you all a fantastic week and happy reading!

Since my time with Qubes was cut quite short I turned my attention to another project. SparkyLinux 3.5 was released a few weeks ago and I thought the Debian-based distribution looked interesting. According to the project's website, "SparkyLinux is a lightweight, fast and simple Linux distribution designed for both old and new computers featuring customized Enlightenment and LXDE desktops. It has been built on the "testing" branch of Debian GNU/Linux. SparkyLinux is available for i486 and x86_64 machines." SparkyLinux (hereafter referred to as Sparky) is available in several editions. At the time of writing there are 32-bit and 64-bit builds of LXDE, Enlightenment, MATE, Razor-qt, Xfce, Openbox and JWM editions. I opted to download the 64-bit build of the MATE edition of SparkyLinux. The ISO file we download is approximately 1.5 GB in size.

Booting from the SparkyLinux media brings up a menu where we can choose to run a live desktop environment with one of several languages. Once we select our preferred language we are brought to the MATE desktop environment. At the top of the display we find the application menu along with two menus for accessing directories and system settings. At the bottom of the screen we find a quick launch bar filled with popular open source applications. Over to the right side of the display we find a panel showing system status information. This panel displays network activity, memory usage statistics, current CPU usage and a short list of running processes. The wallpaper and, in fact, most of the controls and icons are drawn in shades of grey. As everything appeared to be working properly I turned my attention to the project's system installer.

SparkyLinux' graphical system installer appears to be the same one used by Linux Mint Debian Edition. We are walked thought a series of screens where we are asked to select our preferred language from a list, pick our time zone from a map of the world and we are asked to confirm our keyboard's layout. The next screen asks us to create a user account for ourselves. Next the installer offers to automatically set up disk partitions for us. By default SparkyLinux will create two partitions, one for our operating system and another for swap space. We can choose, at this time, to click a button to launch the GParted partition manager. Using GParted we can arrange our disk the way we like and then return to SparkyLinux' installer. Back on the partition management screen we are asked to click on partitions to assign them mount points, such as "/" and "/home". Next, we are asked to confirm whether we would like to install a boot loader on our computer and, assuming we do want a new boot loader, we are asked where it should be placed. The system installer then shows us what actions it will take and waits for us to confirm before it begins copying files to our hard drive. Once the installer has finished setting up SparkyLinux on our computer we are asked to reboot the machine.

Booting our new copy of SparkyLinux brings up a graphical login screen. Like the rest of the distribution the login screen is decorated in grey. Signing into our user account brings us back to the MATE desktop. Upon logging in I found there was no welcome screen or other pop-ups. Apart from the Conky status panel on the right side of the screen, the MATE desktop remains calm and empty. In the upper-right corner of the display I noticed an icon which I suspected indicated the availability of software updates. Clicking on this icon gives us the option of either opening the Synaptic package manager or opening a program called APTus.

APTus is a simple graphical front end to package management which focuses on providing users with an easy way to update software, fix broken packages and clear the package cache. The APTus window is divided into tabs, each tab containing modules of similar functionality. For example, there are tabs for accessing update features, repair features, adding new packages and removing unwanted software. I found APTus did a nice job as far as gathering new updates was concerned. Adding or removing packages is a bit less user friendly as trying to add/remove a package requires typing in the name of the package we wish to manipulate. APTus does not display lists of available packages and this makes it better suited to general actions, such as updating all software or clearing the cache of stale files. I used APTus mostly for performing updates and found that it worked well enough. Whenever we perform an action from APTus's interface a new terminal window opens and we see the appropriate APT command executed in command line fashion. When the action completes we are returned to the APTus window.

While APTus has its uses, I found the Synaptic graphical package manager was usually my preferred tool for managing software. Synaptic presents a fairly simple interface where we are shown an alphabetical list of available software packages. Clicking a checkbox next to a package allows us to install, remove or upgrade the package. Synaptic works quickly and allows us to create batches of actions to perform. SparkyLinux pulls much of its software from the Debian Testing repositories. The project also maintains its own repository for some custom items. Digging through the APT configuration files I found SparkyLinux has the ability to pull software from a number of third-party repositories, including one maintained by Google, another for PlayOnLinux and there are some personal package archives (PPA) too. These third-party repositories were disabled on my system, but could be activated to provide additional applications. The first day I used SparkyLinux there were 237 software packages which could be upgraded and these totalled 250 MB in size. All packages downloaded and installed without any problems.

SparkyLinux ships with a collection of useful software. Included in the distribution are the Iceweasel web browser (with an accompanying Flash player), the Pidgin instant messaging client, the Transmission bittorrent client, the XChat IRC client and the gFTP file transfer application. The LibreOffice productivity suite is installed for us along with a document viewer, the Camorama webcam viewer, the GNU Image Manipulation Program and a collection of small games. The distribution provides users with the Exaile audio player, the VLC multimedia player and a YouTube video browser. We are also given a collection of media codecs which allow us to play a wide range of multimedia files. SparkyLinux ships with the Xfburn optical disc burning application, the Midnight Commander terminal file manager, a system monitor and the Caja graphical file manager.

SparkyLinux further provides an archive manager, a text editor and a virtual calculator. The MATE desktop comes with a Control Centre application which acts as a hub for configuring the desktop and parts of the underlying operating system. The distribution provides Network Manager to help us get on-line. SparkyLinux additionally ships with a virtual keyboard, the WINE compatibility software that allows us to run Windows applications, Java and the GNU Compiler Collection. I found SparkyLinux ships with the 3.14 version of the Linux kernel and the distribution runs an e-mail server in the background.

While most applications ran very well for me, I had mixed results while working with the project's Control Centre. Many modules of the Control Centre, those which dealt with the look and feel of the MATE desktop, worked well. I could change the desktop's appearance and alter which programs were launched when I logged in, for example. On the other hand, modules which handled the underlying operating system usually would not work. For instance, the user account manager, the services manager and Synaptic would not launch from the Control Centre. The systemd services manager front end would load and display the status of services, but I could not start/stop services or even refresh the list of running services.

Likewise the Device Driver Manager refused to load, claiming it could not be run from live media (though at this time I was running my local copy of SparkyLinux). I suspect the problem lies in the fact the modules which did not work all required administrative rights. My regular user account did not have admin access and the modules in the Control Centre do not prompt for the administrator's password when they are launched. This meant I either had to login as root to perform administrative tasks or manipulate SparkyLinux from the command line where I could use the su command to gain administrative access.

I tried running SparkyLinux on a physical desktop computer and in a VirtualBox virtual machine. In both environments the distribution performed well. The MATE desktop was very responsive and the distribution performed actions quickly. I found MATE looked quite bland with the default theme, but I was able to add a splash of colour through the distribution's Control Centre. SparkyLinux does not require a lot of resources and I found the distribution could run the MATE desktop with 270MB of RAM. When running on physical hardware SparkyLinux properly detected my screen resolution, sound worked out of the box and networking was set up automatically. When running in the virtual environment SparkyLinux provided similar, good results and good performance.

About halfway through my week with the distribution I downloaded a second round of updates. The next time I booted into SparkyLinux I noticed the login screen's background was blank, a plain black instead of shades of grey. When I logged in I noticed several problems. There was no top panel on the MATE desktop, there was no quick-launch panel available and no application menu. The wallpaper had changed to a sort of rainbow pattern. I opened a virtual terminal by right-clicking on the desktop and found SparkyLinux was thrashing my hard drive and the MATE-panel process was taking up all available CPU cycles.

I killed the MATE-panel process and CPU usage returned to normal, but my desktop was still empty and decorated with odd colours. When I attempted to run MATE-panel from the command line a message appeared indicating the package was probably broken and that I could run a command to restore functionality. The provided command did not exist on my system and searches in the software repositories did not find a match. I also found my window manager no longer worked and running any graphical applications caused windows to pile up in the upper-left corner of the screen. After a time of trying to find a solution I decided I had reached the limit of what most users could be expected to attempt and brought my trial to an end.

Conclusions

Despite my time with SparkyLinux coming to an early close I found a good deal to recommend the distribution. SparkyLinux is easy to install, thanks to a pleasant graphical system installer. The distribution features a responsive desktop environment, it boots quickly and properly handled my hardware. SparkyLinux features relatively low resource usage and ships with a good selection of quality open source applications.

On the other hand I ran into several issues while playing with SparkyLinux. Many of the Control Centre modules did not work, probably because they did not prompt for administrator access. This means users must make the choice between logging into a graphical environment as root (not a recommended practice) or we need to manage the operating system from the command line, a practice that will turn off many users. The default desktop environment, with its heavy usage of grey, struck me as depressing. That's just my opinion and some people might like the plain grey theme, but I quickly decorated the desktop in more festive colours. Mostly though my concern with SparkyLinux is that an update broke my desktop after just three days. SparkyLinux' parent distribution, Debian Testing, has a well earned reputation for stability and I was surprised to see a package break, especially this close to Debian's upcoming feature freeze.

All in all, SparkyLinux does some things well. It is fast and friendly in most aspects. However, some problems with admin modules and the distribution's style of package management will probably turn away novice Linux users. SparkyLinux may be a good choice for people who want to play with Debian Testing and run a lightweight desktop. All of SparkyLinux' editions feature low-resource desktop environments and I suspect the distribution will suit people running on older hardware, so long as they don't mind keeping up with a rolling repository of software.

* * * * *

Qubes OS 2

Several people wrote to me a few weeks ago and asked if I would review Qubes OS. The Qubes project recently released version 2 of their security-oriented operating system and I was happy to give this unusual project a try. Qubes runs Linux software, but it is not exactly a Linux distribution. As the project's website states "If you really want to call it a distribution, then it's more of a Xen distribution than a Linux one. But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure."

The Qubes project implements what is called "security by isolation". There are a few different approaches to security in operating systems. Some projects, such as OpenBSD, attempt to create clean, bug-free code which is difficult to exploit. Attempting to avoid problems using high quality code and good design is called "security by correctness". Other projects attempt to hide details of their inner workings (often by not sharing their source code) and this is called "security by obscurity". What Qubes does is attempt to separate components into different containers. The idea behind the isolation approach is that modern operating systems contain many components and these components are often complex. It is not realistic then to assume every component can be properly audited to make sure it works correctly and cannot be compromised. Rather than try to make sure all of the thousands of components running on our computers work correctly and are secure themselves, Qubes isolates these components so that one misbehaving (or compromised) application is not a threat to the rest of the system or our data.

Using Qubes we can set up different security zones and the idea is applications and data stay within these zones. We might use one zone for banking and buying items on-line, another zone for playing games or casual web browsing and a third zone for work. Keeping our activities compartmentalized prevents our casual web browsing from placing our confidential work information at risk. It might be easiest to think of each zone as a lightweight virtual machine, a separate quarantined area.

I feel it is important to note Qubes is only available as a 64-bit build for x86 machines and Qubes does not strive to be a multi-user operating system. "Qubes does not pretend to be a multi-user system. Qubes assumes that the user who controls Dom0 controls the whole system. It would be very difficult to securely implement multi-user support."

The download for Qubes is approximately 3 GB in size. Booting from this media brought up a menu offering to either launch the installer or test the media and then launch the installer. Once the media check has completed we are brought to a text console where I was told the operating system could not launch the X display server. Instead the text-based version of the Anaconda system installer launches and shows us a hub menu. We access each node of the hub one at a time, providing information to the installer. Some items we are asked to provide include the time zone, the location of the source media (an ISO file, DVD or network location).

We are asked which hard drive to install Qubes on and whether to use available free space or take over a portion of the disk. We can choose to install Qubes on a standard partition, a LVM volume or using Btrfs. We are also asked to create a password for our administrative user account and create a regular user account for ourselves. When this information had been entered and I chose to proceed the installer crashed and offered to send a bug report. I went back through the installer a few more times, taking different install options. I tried different partition layouts, a different desktop environment (Xfce and KDE are available) and I tried installing Qubes on a second machine. In each case the system installer crashed before it could finish copying its files to my hard drive.

Qubes carries an interesting idea, one which I suspect is fairly practical. With modern, complex operating systems it does not make sense to assume all the programs we run will be secure and unexploitable. Nor does it make sense to think vulnerabilities can hide from today's exploit kits. Isolating processes, sandboxing applications and limiting access seem to be the most reasonable approaches to security today. For that reason I quite admire what Qubes is trying to do. I'm sorry to say I have not been able to get Qubes running in my test environments, either on physical hardware or in a virtual machine.

* * * * *

Hardware used in this review

My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications:

With the release of Fedora 21 planned for later this year, the developers are eager to share some of the improvements coming to the Red Hat sponsored project. A post on Fedora Magazine shares some of the improvements coming to Fedora's graphics software. Fedora includes support for several additional video cards, logging X output via systemd, improved power management and multi-GPU laptops. From the article: "Mesa is a collection of open source libraries that implement the OpenGL API, and also contains the 3D drivers for Fedora. Mesa in Fedora 21 is updated to version 10.3 (Fedora 20 shipped version 9.2.3) This updated version of Mesa provides support for OpenGL 3.3 for many cards, including: NVIDIA GeForce 8 and newer, AMD Radeon HD2000 and newer, and the Intel HD Graphics featured in the Ivybridge and Haswell chipsets."

Last week we shared a report of GNOME's progress in supporting Wayland. This week we share the KDE project's progress in supporting Wayland and other advancements. KDE's Plasma 5.1 was launched recently and it comes with several new features: "Those travelling regularly will enjoy better support for time zones in the panel's clock, while those staying at home a revamped clipboard manager, allowing you to easily get at your past clipboard's content. The Breeze widget style is now also available for Qt4-based applications, leading to greater consistency across applications. The work to support Wayland as display server for Plasma is still ongoing, with improved, but not complete support in 5.1. Changes throughout many default components improve accessibility for visually impaired users by adding support for screen readers and improved keyboard navigation. Aside from the visual improvements and the work on features, the focus of this release lies also on stability and performance improvements." The announcement includes links to Kubuntu ISO images which include snapshots of the new Plasma release.

* * * * *

Have you ever wanted to compile an Android ROM right on your desktop machine, but didn't know how to accomplish the task? Well, things have become a lot easier thanks to some interesting work by Nathan Fry who emailed DistroWatch last week: "I'd like to submit my project - Builduntu. It's a preconfigured compiling environment for Android ROMs. I felt there was a disconnect between the skill level required to set up Linux and that needed to start compiling ROMs from source, so I created both a virtual machine and a customized ISO image." The Builduntu install disc is a customised build of the Ubuntu 14.04 release: "Builduntu is a custom branch of the Ubuntu operating system, based on my guide here for preparing Ubuntu 14.04 to compile Android ROMs from source. It includes everything you need to sync with the repository of your choice (Cyanogenmod, AOKP, AOSP, etc) and start building." A Builduntu virtual machine which provides a way of compiling Android ROMs on Linux, Windows and OS X is also available.

* * * * *

The Debian GNU/Linux distribution is one of the largest open source projects in the world and also one of the oldest. With numerous branches, multiple repositories, thousands of packages and many ports, Debian requires a great deal of storage space. According to this post on the project's website, Debian's archive grows at a rate of about 5 TB per year. For a not for profit project, that represents a lot of storage space and a lot of bandwidth. Luca Filipozzi, a core member of the Debian system administration team says: "There are thousands of Debian software packages on the snapshot platform. It contains twenty years of history captured in a single place. If developers don't have a local repository available, they can easily find an old version from years ago, which makes the archive a valuable asset to them. But to have it all available online on a global base is a big request for most hosting providers." Enter LeaseWeb, a hosting provider who says Debian installs make up about a quarter of their client base and they want to support the popular Debian distribution. LeaseWeb has offered to host Debian's growing archive, free of charge, for at least three years.

Earlier this year the Debian distribution made the choice to adopt systemd as the new init software for Debian GNU/Linux. The choice to change init software was a controversial one and, while it appears systemd is going to stay the default for Debian, some developers are pushing to keep alternative options alive. Ian Jackson has put forward a proposal in which he calls for freedom of choice. He writes: "Debian has decided (via the technical committee) to change its default init system for the next release. The technical committee decided not to decide about the question of "coupling" i.e. whether other packages in Debian may depend on a particular init system. This GR seeks to preserve the freedom of our users now to select an init system of their choice, and the project's freedom to select a different init system in the future." While some Debian developers support the proposal, others are concerned that introducing new changes will throw off Debian's schedule and upcoming feature freeze.

* * * * *

Finally, a link to a sneak peak at the upcoming release of OpenBSD 5.6 (scheduled for arrival on 1 November), courtesy of OpenBSD developer Lawrence Teo: "OpenBSD 5.6 is of course the first OpenBSD release with LibreSSL, the now-famous fork of the OpenSSL library. But while LibreSSL is an important milestone for OpenBSD, there are many other things in the OpenBSD 5.6 release that warrant attention as well. The developers are still busy preparing the OpenBSD 5.6 release notes. Meanwhile, if you're curious about what's new in OpenBSD 5.6, you can get a sneak peek from various places on the Internet if you know where to look! I would like to highlight three places in particular. The first place to look at is the big list of changes between OpenBSD 5.5 and 5.6 that has been painstakingly compiled by Brett Mahar throughout the development cycle. I think Brett does an amazing job of collating all this information together for every release! I have no idea how he manages to go through every source-changes@ post to produce this list so consistently."

Rolling-release trial (by Jesse Smith)

Rolling-release experiment - week two

My trial with rolling-release distributions got off to a good start last week. Granted, there were some minor quirks early on. For example, I noticed right away PCLinuxOS was going to need more than the recommended 10GB of hard drive space for a prolonged trial and performed a re-install on my first day to give the distribution more disk space. I had a desktop panel disappear briefly on my copy of PC-BSD and I had to modify my initial configuration of Arch Linux a little to get it to connect to the Internet. Still, nothing went badly, nothing outright broke during the initial stages of my trial to see how these rolling-release distributions would function. One week in, it was time to upgrade all five distributions and see how each one performed. Here is what happened:

* * * * *

PC-BSD "Edge"

The first operating system in my trial to be updated was PC-BSD. I booted up the machine and immediately took note of the fact an icon in the system tray indicated software updates were available. I opened the update manager and it did its own check for updates. The update manager soon told me it could find no new packages and my system was declared up to date.

I was a bit puzzled at the system tray icon telling me one thing while the update manager said another. After manually taking a snapshot of my current file system using PC-BSD's boot manager, I turned to the command line. Using the pkg command line package manager, I checked for updates and found a total of 100 new packages were waiting for me, totalling 200MB in size. I'm not sure why pkg saw these while the update manager did not, but I attempted to download the entire lot. Most packages updated cleanly, but several packages relating to the operating system's Linux compatibility layer would not install. As it turned out, PC-BSD recently updated their Linux compatibility software, transitioning from using Fedora 10 to CentOS 6 as their foundation. This caused some conflicts during the upgrade process.

I soon found this post in the PC-BSD development mailing list which explained how to properly upgrade from the Fedora-based packages to the CentOS-based packages. The instructions provided worked for me with no problems and I soon had a fully up to date PC-BSD Edge system. After a reboot, I checked to make sure all my applications were working properly and found no problems had developed following the upgrade.

* * * * *

Debian GNU/Linux "Sid"

The next project on my list was Debian GNU/Linux "Sid". I booted into Debian and, using the apt-get command line package manager, discovered 142 packages were waiting for me, totalling 189MB in size. The waiting packages downloaded quickly and installed cleanly. I made sure I could still boot into the system and that my applications continued to work and found Debian continued to perform without any problems.

I had similar experiences with both PCLinuxOS and Arch Linux this week. When I fired up PCLinuxOS and opened the Synaptic package manager I found just two new packages waiting for me, their size coming to 1MB in total. Synaptic downloaded both packages and these updates had no visible affect on my installation of PCLinuxOS.

My experience with updating Arch Linux was about the same. Using Arch's pacman command-line package manager, I found just ten new updates waiting for me, totalling 20 MB in size. The pacman utility downloaded these updates and applied them with no problems. My Arch installation continued to work as before.

* * * * *

openSUSE "Factory"

Of the upgrades I performed this week, I had the most trouble with openSUSE "Factory". When I launched openSUSE and went into the YaST control panel my check for new packages showed no updates were available. Closing YaST, I turned to the zypper command line package manager. The zypper program reported it could not perform any actions on packages as PackageKit had locked the package database. The zypper program offered to close PackageKit for me, but when I asked zypper to terminate PackageKit I was told PackageKit could not be made to close. I went back into YaST and went into the services manager. The services manager showed PackageKit was not running and, in fact, PackageKit was shown as being disabled. Finally, I turned to the command line and manually forced the PackageKit process to terminate.

After PackageKit was out of the way, zypper was able to create a file system snapshot for me and download the available updates. There were 1,463 updated packages waiting for me in Factory's repositories, just five days after my previous upgrade had been performed. These updates totalled 1.25 GB in size. I got about halfway through the upgrade process when zypper reported it could not continue as it had run out of disk space. Originally, I had set up openSUSE on a 8 GB partition, usually enough for a fixed-point release. However, the operating system required around 5 GB and the upgrade process would need at least 4 GB on top of that.

Luckily, openSUSE defaults to using the Btr file system and it is beautifully easy to add a new storage device to systems running Btrfs. With a second 8GB disk handed to openSUSE, zypper was able to resume its upgrade process. Once the upgrade had finished, a few hours later, I found I could still login to KDE and my applications still worked. There were a few changes to the way openSUSE looked. There were new icons on the desktop for launching Firefox, LibreOffice, for bringing up hardware information and for accessing on-line help. Some icons in the system tray also looked different after the upgrade. Still, in the end, everything worked.

* * * * *

While most of the operating systems in my trial upgraded without serious problems this week, there were two minor issues. One was that the update managers of both PC-BSD and openSUSE failed to recognize available updates and forced me to switch to working from the command line. This is a relatively minor issue. What I am quickly finding though is rolling-release operating systems require a good deal more hard drive space than fixed point releases. In most of my week-long trials I provide operating systems with 8 GB of disk space and this supplies them with enough space for the operating system and swap space. However, in my trial with rolling-releases I've had to re-install PCLinuxOS on a 16 GB partition as 10 GB just was not enough.

PC-BSD recommends at least 50 GB to function on an on-going basis (though PC-BSD has only used about 6 GB to date) and I am finding openSUSE requires at least 10 GB of space, just for the first wave of updates. I suspect once file system snapshots begin to accumulate, the space requirements of openSUSE and PC-BSD will grow. Originally, I installed Arch on a 8GB partition and that drive threatens to overflow if I don't regularly clean its cache. Only Debian, so far, has maintained a small footprint, requiring less than 4 GB of hard disk space.

Red Hat, Inc. has announced the release of Red Hat Enterprise Linux (RHEL) 6.6, the sixth update in the 6.x series of Red Hat's enterprise-class Linux distribution: "The Red Hat Enterprise Linux team is pleased to announce the release of Red Hat Enterprise Linux 6.6, the latest version of our Red Hat Enterprise Linux 6 platform. With the release of Red Hat Enterprise Linux 6.6, we continue to refine the stable and secure Red Hat Enterprise Linux 6 platform which provides a reliable foundation for mission-critical systems across industries and regions. Red Hat Enterprise Linux 6.6 delivers a variety of improvements that provide increased system performance across physical, virtual, and cloud environments. These optimizations and tuning improvements include: kernel locking improvements to allow for more efficient CPU utilization on large NUMA systems...." Read the release announcement and consult the comprehensive release notes for further information.

Michael Tremer has announced the release of IPFire 2.15 Core 84, a new stable release of the specialist distribution designed for firewalls: "This is the official release announcement for IPFire 2.15 Core Update 84. This is a release that fixes some security issues in the GNU Bash package which are commonly known as 'Shellshock' and it comes with more fixes and minor feature enhancements. As you may have already seen on the news, the Shellshock issues made more people look into the code of the default shell of many *nix systems. Those people found many more programming errors and provided fixes for them which have been applied in this release. IPFire is now shipping GNU Bash 4.3.30 and the companion library readline in version 6.3. There have been some denial of service issues in the Squid web proxy which have been fixed in release 3.4.8. Those are of minor severity only and quite possibly cannot be exploited to inject code. The firewall got a couple of new features which I explained in detail in a post on the IPFire planet." Read the rest of the release announcement for a more detailed changelog.

Peter Manev has announced the release of SELKS 1.0, the inaugural version from the project developing a specialist Debian-based distribution that ships with a variety of pre-configured network security management tools: "Stamus Networks is proud to announce the availability of the SELKS 1.0 stable release. SELKS is both live and installable network security management ISO image, based on Debian GNU/Linux, implementing and focusing on a complete and ready-to-use Suricata IDS/IPS ecosystem with its own graphic rule manager. SELKS is comprised of the following major components: Suricata IDPS, Elasticsearch, Logstash, Kibana and Scirius. It offers proven, powerful, innovative and scalable open-source multi-threading technologies in a bundle. SELKS 1.0 comes with 10 pre-installed Kibana IDS/NSM dashboards. They cover analysis of the Suricata alerts and events with per-protocol dashboards (Alerts, HTTP, Flow, SSH, TLS, DNS)." Read the full release announcement for more details and screenshots.

Tails 1.2 has been released. Tails is a Debian-based live distribution developed with the goal of preserving privacy and anonymity of users on the Internet. From the release announcement: "Tails, The Amnesic Incognito Live System, version 1.2, is out. This release fixes numerous security issues and all users must upgrade as soon as possible. Major new features: install (most of) the Tor browser, replacing our previous Iceweasel-based browser, the version installed is from TBB 4.0 and is based on Firefox 31.2.0esr, this fixes the POODLE vulnerability; upgrade Tor to 0.2.5.8-rc; confine several important applications with AppArmor. Bug fixes: install Linux kernel 3.16.5. Minor improvements: upgrade I2P to 0.9.15 and isolate I2P traffic from the Tor Browser by adding a dedicated I2P Browser, also, start I2P automatically upon network connection, when the i2p boot option is added; make it clear that TrueCrypt will be removed in Tails 1.2.1 and document how to open TrueCrypt volumes with cryptsetup."

Arnault Perret has announced the release of HandyLinux 1.7, a novice-friendly distribution that features an intuitive start menu with application launchers and Internet bookmarks - based on the stable Debian GNU/Linux 7.0. According to the release announcement (in French only, even though the distribution supports English besides the default French language) the major change in this release is the replacement of Google's Chromium browser with GNU Iceweasel. The HandyMenu application, the distribution's main feature, has been upgraded to version 2.3; it sees the Facebook button is gone, replaced by a link to Framasoft's free services. Some of the other items in the changelog include: redesign of the browser's start page; addition of gpart and Yelp; clean-up of documentation files; addition of "social launchers" for direct access to popular social sites; addition of the Diaspora launcher; software updates to Debian 7.7.

SELKS. SELKS, a product of Stamus Networks, is a Debian-based live distribution designed for network security management. It provides a complete and ready-to-use Suricata IDS/IPS ecosystem with its own graphic rule manager. The system also includes Kibana IDS/NSM dashboards (for visualising logs and other time-stamped data) a Scirius (a rules management interface for Suricata). SELKS is released under the GNU GPLv3 licence.

XStreamOS. XStreamOS and XStream Desktop are Sonicle's effort to maintain a distribution of the illumos kernel (originally derived from OpenSolaris), featuring the ZFS file system, Crossbow network architecture, virtualisation and zones, as well as a customised LXDE desktop. It also strives to develop and contribute to the illumos kernel. Sonicle, a company located in Italy, also maintains two other full-featured products - XStream Server and XStream Storage.

Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.

SalentOS is a Debian-based GNU/Linux distribution that uses Openbox as window manager. SalentOS has been designed to embrace lightness (hence the choice of Openbox), but at the same time it maintains the completeness and features of Debian. The system includes elements of GNOME and Xfce desktops.